
Fuzzing of Network Protocol Based on Multiple Strategies of Feedback and Evolution

OA; CSTPCD


Network protocols are the basis of today's Internet communications, and security issues in them may expose a large number of networked devices to catastrophic risks. Network protocols span many layers and types, each with its own characteristics and purpose, and vulnerability mining in protocol implementations is a challenging problem in computer security. We propose a black-box fuzzing scheme that adapts to multiple public or private network protocols and can discover vulnerabilities in protocol implementations without knowledge of the protocol's code or specification. For a variety of network protocols from the physical layer to the application layer, the method performs automatic feature extraction and learning, and generates efficient test cases from the results. In addition, multiple feedback-driven evolutionary mutation strategies, such as status feedback, weight feedback, and machine learning, are designed to improve the effectiveness of the test cases. Furthermore, techniques such as taint analysis and execution flow tracking are used to monitor the test execution process and results on the target under test, making the test results more precise and improving the accuracy of vulnerability mining. To evaluate the effectiveness of the method, we design and implement a fuzzing prototype system, which successfully identifies unknown vulnerabilities in protocol implementations. We also compare its performance with mainstream fuzzing tools in the industry; the comparison shows the advantages of the method across multiple dimensions of mutation efficiency.

钟宏;夏云浩;张金鑫;马致原

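State Key Laboratory of Mobile Network and Mobile Multimedia Technology, Shenzhen, Guangdong 518055 || Shenzhen ZTE Software Co., Ltd., Shenzhen, Guangdong 518057

State Key Laboratory of Mobile Network and Mobile Multimedia Technology, Shenzhen, Guangdong 518055 || Nanjing ZTE New Software Co., Ltd., Nanjing, Jiangsu 210012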

Computers and Automation

network protocol; vulnerability mining; fuzzing; status feedback; weight feedback; machine learning

Computer Technology and Development, 2024 (010)

84-92 / 9

National Natural Science Foundation of China (U23B2003); Key-Area Research and Development Program of Guangdong Province (2020B0101120003)

10.20165/j.cnki.ISSN1673-629X.2024.0165
